On Wed, Jul 09, 2025 at 02:52:05AM +0000, Duan, Zhenzhong wrote:
> >-----Original Message-----
> >From: Daniel P. Berrangé <berrange(a)redhat.com>
> >Subject: Re: [PATCH v3 12/21] conf: Add Intel TDX Quote Generation Service(QGS) support
> >
> >On Mon, Jun 30, 2025 at 02:17:23PM +0800, Zhenzhong Duan wrote:
> >> Add element "quoteGenerationSocket" to tdx launch security type.
> >> It contains only an optional unix socket address attribute,
> >> when omitted, libvirt will use default QGS server address
> >> "/var/run/tdx-qgs/qgs.socket".
> >>
> >> UNIX sockets offer the required functionality with greater
> >> security than vsock, so libvirt only provides support for unix
> >> socket.
> >>
> >> XML example:
> >>
> >> <launchSecurity type='tdx'>
> >>   <policy>0x0</policy>
> >>   <mrConfigId>xxx</mrConfigId>
> >>   <mrOwner>xxx</mrOwner>
> >>   <mrOwnerConfig>xxx</mrOwnerConfig>
> >>   <quoteGenerationSocket path="/var/run/tdx-qgs/qgs.socket"/>
> >
> >Minor nitpick - let's call the element 'quoteGenerationService'
> >still.
>
> QAPI exposes quote-generation-socket, do we really want a different name?

Matching QAPI naming is a non-goal. The 'quote-generation-socket'
property at the QAPI level actually maps to the 'path' attribute
in the XML. The existence of the XML element, without any path
set, indicates a request to enable use of QGS, and that makes
more sense with a name 'quoteGenerationService' as there's no
socket being specified in that case.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|